This site may earn affiliate commissions from the links on this page. Terms of use.

In the 24 years Aaron Swartz has been alive he’s done a lot in the world of technology. His first notable achievement was helping to write the RSS 1.0 specification when just 14. He then went on to co-found his biggest venture yet, Reddit. In 2007 Reddit’s parent company asked Swartz to leave and his current focus seems to be his new venture, Demand Progress. He sounds like the type of person you’d want working on your next big project, but is currently facing up to 35 years in prison for data theft.

Swartz was indicted in Boston today where he stands accused of breaking into a secure and restricted area of MIT. Multiple visits to that restricted area are thought to have occurred with him entering a computer wiring closet to access MIT’s systems. Once in he stole 4.8 million documents from JSTOR.

JSTOR is a not-for-profit service offering a digital archive of scientific journals and papers. The only reason he could have for taking such documents is because their access is restricted to academic establishments and libraries, but they are the places most likely to need the information in the archive.

The United States Attorney for the District of Massachussetts, Carmen M. Ortiz, plans to press charges because “stealing is stealing” regardless of what you steal and what you use to steal it with. A guilty verdict could mean 35 years in prison and up to a $1 million fine.

According to the indictment filing Swartz is also accused of taking measures to elude detection and identification while accessing the system over several months. It is suggested he intended to share those documents on “one of more file-sharing networks.”

The computer used to grab the documents was an Acer laptop purchased on September 24th last year. On the same day he entered Building 16 on the MIT campus and accessed the network from a wiring closet using a guest user registration. The username used was “Gary Host” and his machine was identified as “ghost laptop”.

In order to elude detection the email Swartz used was a Mailinator throwaway address which automatically gets deleted after a few hours. He also setup software on the laptop that quickly downloaded large chunks of the JSTOR archive while at the same time sidestepping any security the system had in place to prevent such behavior. This was mainly achieved by continously changing the IP address of the laptop seen accessing the network.

The downloading did not occur over a single day as MIT managed to block the laptop from accessing the system by flagging its MAC address. So Swartz returned on October 2nd with a spoofed MAC address to avoid the block. This escalated on October 8th when a second computer was connected to the network by him using the guest name “Grace Host” with the computer identified as “ghost macbook.”

This behavior continued through November, December, and into January with Swartz managing to download millions of documents. With the two computers active, along with the addition of an external hard drive for increased storage capacity, he even managed to bring down parts of the network due to an overload of traffic because of the rate of file transfers that were occurring. It is also thought the computers were left in place with Swartz returning to collect them at a later date.

Events came to a head in early January when Swartz started trying to hide his identity by using his bike helmet to cover his face when entering MIT buildings as well as changing the location of where his computers were connected. MIT Police did eventually spot him on January 6th, but he fled.

Now it seems MIT has collected the evidence required to get a conviction and things don’t look good for Swartz. The details of what Swartz did seem quite thorough meaning this could be very difficult to fight in court other than to try and prove it wasn’t actually him carrying out this data theft.

An alternative view is offered by the Demand Progress blog where the organization sees the charges as making no sense. As far as they can tell Swartz has been indicted for what amounts to “checking too many books out of the library.”